From b67abc51ba6f78be79f344dfda9c6d0753d79aea Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 2 Nov 2021 14:01:58 +0100
Subject: src: raw payload match and mangle on inner header / payload data

This patch adds support to match on inner header / payload data:

 # nft add rule x y @ih,32,32 0x14000000 counter

you can also mangle payload data:

 # nft add rule x y @ih,32,32 set 0x14000000 counter

This update triggers a checksum update at the layer 4 header via
csum_flags, mangling odd bytes is also aligned to 16-bits.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/proto.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/proto.c')

diff --git a/src/proto.c b/src/proto.c
index 2b61e0ba..fe58c83a 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -28,6 +28,7 @@ const char *proto_base_names[] = {
 	[PROTO_BASE_LL_HDR]		= "link layer",
 	[PROTO_BASE_NETWORK_HDR]	= "network layer",
 	[PROTO_BASE_TRANSPORT_HDR]	= "transport layer",
+	[PROTO_BASE_INNER_HDR]		= "payload data",
 };
 
 const char *proto_base_tokens[] = {
@@ -35,6 +36,7 @@ const char *proto_base_tokens[] = {
 	[PROTO_BASE_LL_HDR]		= "ll",
 	[PROTO_BASE_NETWORK_HDR]	= "nh",
 	[PROTO_BASE_TRANSPORT_HDR]	= "th",
+	[PROTO_BASE_INNER_HDR]		= "ih",
 };
 
 const struct proto_hdr_template proto_unknown_template =
-- 
cgit v1.2.3